Search our Knowledge Base

Tag: vulnerability

AMP for WP -Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list exploited. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version, 0.9.97.20, of this plugin has patched for their known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so its best to check if you are utilizing this plugin. In this tutorial, we will be checking if you use this plugin. Along with updating, we will also show you how to check if your site for compromises.

In the vein of the WP GDPR plugin exploit, the AMP hack allows code vulnerability to make site-wide changes. Bots scan for sites using the AMP plugin and use an XSS security bug to create a new user that has admin-like privileges. The vulnerable versions’ (below 0.9.97.20) code didn’t cross check to see if registered users had the permissions to perform some actions. With administrative like privileges a hacker can hide their code within your WordPress files to use to take over your website. Additionally, they can upload files, update plugins, read files, and inject posts.

Identify If You Use AMP for WP

By logging into your WordPress backend you can easily see if you are subject to this exploit.

Step 1: Enter the WordPress backend by going to yourdomain.com/wp-login.php in your browser.Step 2: Login with your WordPress username and password and navigate to Plugins and click on Installed Plugins on the left-hand side of your screen.Step 3: Scroll down through any installed plugins to see if you have Accelerated Mobile Pages within your list, followed by its version. Any version below 0.9.97.20 is still vulnerable and you’ll have to perform a few actions to protect yourself.

Restore from a backup dated before October 20, 2018 (keep in mind this will still have the old version and your site will still be in danger).

As time goes by, more plugins will give way to more vulnerabilities but there are some proactive steps to ensure your site’s security. For insight into ways of protecting your WordPress site look into our article on the subject, The Best Ways to Protect Your WordPress Site.

As of November 9, 2018, the WP GDPR Compliance plugin has been exploited by hackers. This plugin aids e-commerce site owners in compliance with European privacy standards. Since the very nature of GDPR is to protect the personal data and privacy of EU citizens, it should be tended to as soon as possible to avoid a costly cleanup. WP GDPR Compliance is also known for working in conjunction with many forms including Contact Form 7, Gravity Forms, and WordPress Comments.

The main characteristic of this hack is the addition of new users, users with admin privileges. These administrative users have full access to your WordPress site. With Admin users a hacker can alter your site without your knowledge, including making rouge pages or selling your visitor’s information.

Identify If You Use WP GDPR

If you are familiar with how to log in to your WordPress backend you can easily see if you are using this plugin.

Step 1:Enter the WordPress backend by going to yourdomain.com/wp-login.php in your browser.

Step 2: Login with your WordPress username and password and navigate to Plugins and click on Installed Plugins on the left-hand side of your screen.

Step 3: Scroll down through any installed plugins to see if WP GDPR Compliance is within your list. On this screen, you’ll be able to see the version of the plugin to the right of the plugin name. Any version less than 1.4.3 is vulnerable and should be updated.

Note:

Documented evidence shows an inactive GDPR plugin is not vulnerable to the exploit.

Upgrade WP GDPR

Although this is a severe exploit, it is easy to patch and protect yourself by performing a simple update.

Step 1: Follow the steps above in the section “How to Identify if you use the WP GDPR plugin” to login and locate your Plugins menu.

Step 2: Afterwards, find WP GDPR Compliance, if you are running an outdated version you’ll see a message letting you know you can update. Selecting the “update now” link will automatically upgrade to the newest version.

Overview

Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU’s IDE subsystem handles buffer access while processing certain ATAPI commands, exploitation can allow for the execution of arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

Summary

Made public on July 27, 2015

This flaw exploits QEMU, a generic and open source machine emulator.

Allows for an attacker to execute arbitrary code outside of their own virtual machine.

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary

Made public on May 13, 2015

This flaw exploits QEMU, a generic and open source machine emulator.

Allows for an attacker to access other virtual machines outside of their own.

The popular WordPress plugin WP Super Cache has been found to have a cross-site scripting (XSS) vulnerability in versions prior to 1.4.4. On sites with outdated versions, it is possible for an attacker to take complete control of the WordPress site. Please note: this vulnerability only affects users which have installed WP Super Cache. However, if you are unsure if you use the plugin or not you should still take precautions to protect your site.

Thankfully, this is vulnerability is simple to address; version 1.4.4, available now, contains a patch.

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.

Allows for remote code execution, and many types of command-line based attacks.